A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method

Bojović, Petar D.; Basicevic, Ilija; Ocovaj, Stanislav; Popović, Miroslav

doi:10.1016/j.compeleceng.2018.11.004

Cited by 44 publications

(13 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors observed that the variation in source IP address entropy and chi-square statistics due to fluctuations in legitimate traffic was small, compared to the deviations caused by DDoS attacks. Similarly, [26] combined entropy and volume traffic characteristics to detect volumetric DDoS attacks, while the authors of [27] proposed an entropybased scoring system based on the destination IP address entropy and dynamic combinations of IP and TCP layer attributes to detect and mitigate DDoS attacks.…”

Section: A Statistical Approaches To Ddos Detectionmentioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

198

105

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called LUCID, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain LUCID's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, LUCID matches existing stateof-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

show abstract

Section: A Statistical Approaches To Ddos Detectionmentioning

confidence: 99%

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin

Millar

Scott-Hayward

et al. 2020

IEEE Trans. Netw. Serv. Manage.

198

105

View full text Add to dashboard Cite

show abstract

“…However, the training convergence speed of this method is slow. Bojović et al [13] proposed a DDoS attackdetection method based on an exponential moving average algorithm. However, this method cannot detect attacks well when the packet forwarding rate of attack traffic is small.…”

Section: Related Researchmentioning

confidence: 99%

Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing

Cheng¹,

Tang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Distributed denial-of-service (DDoS) has caused major damage to cloud computing, and the false- and missing-alarm rates of existing DDoS attack-detection methods are relatively high in cloud environment. In this paper, we propose a DDoS attack-detection method with enhanced random forest (RF) optimized by genetic algorithm based on flow correlation degree (FCD) feature. We define the FCD feature according to the asymmetric and semidirectivity interaction characteristics and use the two-tuples FCD feature consisting of packet-statistical degree (PSD) and semidirectivity interaction abnormality (SDIA) to describe the features of attack flow and normal flow. Then we use a genetic algorithm based on the FCD feature sequences to optimize two key parameters of the decision tree in the RF: the maximum number of decision trees and the maximum depth of every single decision tree. We apply the trained RF model with optimized parameters to generate the classifier to be used for DDoS attack-detection. The experiment shows that the proposed method can effectively detect DDoS attacks in cloud environment with a higher accuracy rate and lower false- and missing-alarm rates compared to existing DDoS attack-detection methods.

show abstract

“…The fitness functions for each solution or search agent in the swarm leads to proposal of taxonomy and identification of the best fit solution to the problem. Swarm Intelligence algorithms have been used in optimization problems such as Agent Swarm Optimization (ASO) with the coexistence of different agents and their interaction, to ensure problem specificity, facilitation for testing and application to real-life problems [13]. One of the concepts significantly used in cloud computing is virtualization, as it enables higher resource utilization and lower operating costs.…”

Section: B Computational Intelligence Based Ids Approaches In Cloudmentioning

confidence: 99%

A Meta-analytic Review of Intelligent Intrusion Detection Techniques in Cloud Computing Environment

Raj¹,

Pani²

2021

IJACSA

View full text Add to dashboard Cite

A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method

Cited by 44 publications

References 19 publications

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing

A Meta-analytic Review of Intelligent Intrusion Detection Techniques in Cloud Computing Environment

Contact Info

Product

Resources

About